新建mapping

新建索引： PUT logstash-redis-log-2017.12

PUT logstash-redis-log-2017.12/_mapping/redis-log

{ "properties" : {

"@timestamp" : {

"type" : "date"

},

"@version" : {

"type" : "text",

"fields" : {

"keyword" : {

"type" : "keyword",

"ignore_above" : 256

}

},

"Query" : {

"type" : "text",

"fields" : {

"keyword" : {

"type" : "keyword",

"ignore_above" : 256

}

},

"Rt" : {

"type" : "long",

"fields" : {

"keyword" : {

"type" : "keyword",

"ignore_above" : 256

}

},

"dest_ip" : {

"type" : "text",

"fields" : {

"keyword" : {

"type" : "keyword",

"ignore_above" : 256

}

},

"dest_port" : {

"type" : "text",

"fields" : {

"keyword" : {

"type" : "keyword",

"ignore_above" : 256

}

},

"kafka" : {

"properties" : {

"consumer_group" : {

"type" : "text",

"fields" : {

"keyword" : {

"type" : "keyword",

"ignore_above" : 256

}

},

"offset" : {

"type" : "long"

},

"partition" : {

"type" : "long"

},

"topic" : {

"type" : "text",

"fields" : {

"keyword" : {

"type" : "keyword",

"ignore_above" : 256

}

},

"message" : {

"type" : "text",

"fields" : {

"keyword" : {

"type" : "keyword",

"ignore_above" : 256

}

},

"request_len" : {

"type" : "long",

"fields" : {

"keyword" : {

"type" : "keyword",

"ignore_above" : 256

}

},

"request_ts" : {

"type" : "long",

"fields" : {

"keyword" : {

"type" : "keyword",

"ignore_above" : 256

}

},

"response_len" : {

"type" : "long",

"fields" : {

"keyword" : {

"type" : "keyword",

"ignore_above" : 256

}

},

"souce_ip" : {

"type" : "text",

"fields" : {

"keyword" : {

"type" : "keyword",

"ignore_above" : 256

}

新建索引： PUT logstash-iis-log-2017.12

PUT logstash-iis-log-2017.12/_mapping/iis-log

{

"properties": {

"@timestamp": {

"type": "date"

},

"@version": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"c-ip": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"cs": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"cs-bytes": {

"type": "long",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"cs-host": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"cs-method": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"cs-uri-query": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"cs-uri-stem": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"kafka": {

"properties": {

"consumer_group": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"offset": {

"type": "long"

},

"partition": {

"type": "long"

},

"topic": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"message": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"s-ip": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"s-port": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"sc-bytes": {

"type": "long",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"sc-status": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"sc-substatus": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"sc-win32-status": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"tags": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"time-taken": {

"type": "long",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"timestamp": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"type": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

新建template

Collapse source

PUT _template/logstash-iislog

{

"template" : "logstash-iislog-*",

"settings" : {

"index.refresh_interval" : "5s"

},

"mappings" : {

"iislog" : {

"dynamic_templates" : [ {

"string_fields" : {

"match" : "*",

"match_mapping_type" : "string",

"mapping" : {

"type" : "string", "index" : "not_analyzed", "omit_norms" : true

}

} ],

"properties": {

"@timestamp": {

"type": "date"

},

"@version": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"c-ip": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"cs": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"cs-bytes": {

"type": "long",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"cs-host": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"cs-method": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"cs-uri-query": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"cs-uri-stem": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"kafka": {

"properties": {

"consumer_group": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"offset": {

"type": "long"

},

"partition": {

"type": "long"

},

"topic": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"message": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"s-ip": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"s-port": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"sc-bytes": {

"type": "long",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"sc-status": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"sc-substatus": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"sc-win32-status": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"tags": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"time-taken": {

"type": "long",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"timestamp": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"type": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

iis字段全选：

Collapse source

PUT _template/logstash-iis-ex

{

"template" : "logstash-iis-ex-*",

"settings" : {

"index.refresh_interval" : "5s"

},

"mappings" : {

"iis-ex" : {

"dynamic_templates" : [ {

"string_fields" : {

"match" : "*",

"match_mapping_type" : "string",

"mapping" : {

"type" : "string", "index" : "not_analyzed", "omit_norms" : true

}

} ],

"properties": {"cs-method": {"type": "text",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"cs-uri-stem": {"type": "text",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"cs-uri-query": {"type": "text",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"sc-substatus": {"type": "text",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"s-computername": {"type": "text",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"cs-username": {"type": "text",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"type": {"type": "text",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"sc-win32-status": {"type": "text",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"cs-host": {"type": "text",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"cs-version": {"type": "text",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"@version": {"type": "text",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"timestamp": {"type": "text",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"s-sitename": {"type": "text",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"cs-bytes": {"type": "long",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"message": {"type": "text",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"tags": {"type": "text",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"time-taken": {"type": "long",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"cs": {"type": "text",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"@timestamp": {"type": "date"

},

"s": {"type": "text",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"s-ip": {"type": "text",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"kafka": {"properties": {"consumer_group": {"type": "text",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"partition": {"type": "long"

},

"offset": {"type": "long"

},

"topic": {"type": "text",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"s-port": {"type": "text",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"sc-bytes": {"type": "long",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"c-ip": {"type": "text",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

elasticsearch-template.json

Collapse source

{

"template" : "logstash-iis-log-*",

"settings" : {

"index.refresh_interval" : "5s"

},

"mappings" : {

"iis-log" : {

"dynamic_templates" : [ {

"string_fields" : {

"match" : "*",

"match_mapping_type" : "string",

"mapping" : {

"type" : "string", "index" : "not_analyzed", "omit_norms" : true

}

} ],

"properties": {

"cs-method": {

"type": "text",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"s-sitename": {

"type": "text",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"cs-uri-stem": {

"type": "text",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"cs-bytes": {

"type": "long",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"cs-uri-query": {

"type": "text",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"sc-substatus": {

"type": "text",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"s-computername": {

"type": "text",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"cs-username": {

"type": "text",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"message": {

"type": "text",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"type": {

"type": "text",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"time-taken": {

"type": "long",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"cs": {

"type": "text",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"sc-win32-status": {

"type": "text",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"@timestamp": {

"type": "date"

},

"cs-host": {

"type": "text",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"cs-version": {

"type": "text",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"s-ip": {

"type": "text",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"kafka": {

"properties": {

"consumer_group": {

"type": "text",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"partition": {

"type": "long"

},

"offset": {

"type": "long"

},

"topic": {

"type": "text",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"s-port": {

"type": "text",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"sc-status": {

"type": "text",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"@version": {

"type": "text",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"sc-bytes": {

"type": "long",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"c-ip": {

"type": "text",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"timestamp": {

"type": "text",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

PUT _template/f5-request

Collapse source

PUT _template/f5-request

{

"template" : "f5-request-*",

"settings" : {

"index.refresh_interval" : "5s"

},

"mappings": {

"f5-request": {

"dynamic_templates" : [ {

"string_fields" : {

"match" : "*",

"match_mapping_type" : "string",

"mapping" : {

"type" : "string", "index" : "not_analyzed", "omit_norms" : true

}

} ],

"properties": {

"@timestamp": {

"type": "date"

},

"@version": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"agent": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"bytes": {

"type": "long"

},

"clientip": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"geoip": {

"properties": {

"city_name": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"continent_code": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"country_code2": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"country_code3": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"country_name": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"ip": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"latitude": {

"type": "float"

},

"location": {

"type": "geo_point",

"ignore_malformed": "true"

},

"longitude": {

"type": "float"

},

"region_code": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"region_name": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"timezone": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"httpmethod": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"httpuri": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"httpversion": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"kafka": {

"properties": {

"consumer_group": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"offset": {

"type": "long"

},

"partition": {

"type": "long"

},

"topic": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"message": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"referer": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"response": {

"type": "long"

},

"response_ms": {

"type": "long"

},

"server": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"server_port": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"snat": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"tags": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"timestamp": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"type": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"user": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"virtual_ip": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"virtual_name": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"virtual_pool_name": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"virtual_port": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

新建mapping的更多相关文章

Zabbix实战-简易教程--监控OSPF
一.需求背景网络工程师需要对OSPF进行监控,需求如下: 1.状态展示 OSPF区域状态 OSPF接口状态 OSPF邻居状态 2.问题报警触发器设置: a.OSPF区域状态 b.OSPF接口状态 ...
手把手教你搭建SSH框架（Eclipse版）
原文来自公众号[C you again],若需下载完整源码,请在公众号后台回复"ssh". 本期文章详细讲解了SSH(Spring+SpringMVC+Hibernate)框架的搭 ...
Atitit s2018.2 s2 doc list on home ntpc.docx \Atiitt uke制度体系法律法规规章条例国王诏书.docx \Atiitt 手写文字识别讯飞科大语音云.docx \Atitit 代码托管与虚拟主机.docx \Atitit 企业文化每日心灵鸡汤值班发布.docx \Atitit 几大研发体系对比 Stage-Gat
Atitit s2018.2 s2 doc list on home ntpc.docx \Atiitt uke制度体系法律法规规章条例国王诏书.docx \Atiitt 手写文字识别 ...
新建SpringBoot项目运行页面报错Whitelabel Error Page This application has no explicit mapping for /error, so yo
新建SpringBoot项目运行页面报错Whitelabel Error Page This application has no explicit mapping for /error, so yo ...
Intellij Idea 15 下新建 Hibernate 项目以及如何添加配置
1.说明:Idea 下,项目对应于 Eclipse 下的 workspace,Module 对应于 Eclipse 下的项目.Idea 下,新添加的项目既可以单独作为一个 Project,也可以作为一 ...
使用MyBatis Generator自动创建代码(dao,mapping,poji)
连接的数据库为SQL server2008,所以需要的文件为sqljdbc4.jar 使用的lib库有: 在lib库目录下新建一个src文件夹用来存放生成的文件,然后新建generatorConfig ...
[NHibernate]O/R Mapping基础
系列文章 [Nhibernate]体系结构 [NHibernate]ISessionFactory配置 [NHibernate]持久化类(Persistent Classes) 引言对象和关系数据库 ...
NHibernate系列文章二十八：NHibernate Mapping之Auto Mapping（附程序下载）
摘要上一篇文章介绍了Fluent NHibernate基础知识.但是,Fluent NHibernate提供了一种更方便的Mapping方法称为Auto Mapping.只需在代码中定义一些Conv ...
NHibernate系列文章二十七：NHibernate Mapping之Fluent Mapping基础（附程序下载）
摘要从这一节起,介绍NHibernate Mapping的内容.前面文章都是使用的NHibernate XML Mapping.NHibernate XML Mapping是NHibernate最早 ...

随机推荐

Number 的扩展
Number.parseInt(), Number.parseFloat() ES6 将全局方法parseInt()和parseFloat(),移植到Number对象上面,行为完全保持不变. Numb ...
SpringBoot中使用Scheduling执行定时任务
SpringBoot自带的 Schedule,可以将它看成一个轻量级的Quartz,而且使用起来比Quartz简单许多以下任务都是在单线程下执行的第一步创建SpringBoot项目第二步外汇 ...
MapReduce分区数据倾斜
什么是数据倾斜? 数据不可避免的出现离群值,并导致数据倾斜,数据倾斜会显著的拖慢MR的执行速度常见数据倾斜有以下几类 1.数据频率倾斜某一个区域的数据量要远远大于其他区域 2.数据大小倾斜 ...
线程池一 ForkJoinPool
java.util.concurrent public class ForkJoinPool extends AbstractExecutorService public abstract class ...
Springboot 上传文件
@PostMapping("/upload")//springboot可以直接扫描resource下的static文件夹下的静态文件 public String upload(@R ...
Perl 运算符
Perl 运算符运算符是一种告诉编译器执行特定的数学或逻辑操作的符号,如: 3+2=5. Perl 语言内置了丰富的运算符,我们来看下常用的几种: 算术运算符比较运算符逻辑运算符赋值运算符位 ...
PHP ftp_rawlist() 函数
定义和用法 ftp_rawlist() 函数返回 FTP 服务器上指定目录中文件的详细列表. 语法 ftp_rawlist(ftp_connection,dir,recursive) 参数描述 ft ...
反演+分块套分块——bzoj2154
题解都在论文里了 #include<bits/stdc++.h> using namespace std; #define maxn 10000005 #define ll long lo ...
原生js实现文件下载并设置请求头header
原生js实现文件下载并设置请求头header const token="自行定义";//如果有 /** * 向指定路径发送下载请求 * @param{String} url 请求路 ...
faster-rcnn代码阅读-roi-data层
这一节讲述roi-data层,和这一层有关的结构图如下: roi-data层的prototxt定义如下: layer { name: 'roi-data' type: 'Python' bottom: ...

新建mapping

新建mapping的更多相关文章

随机推荐

热门专题